“…For example, there are many detection and prevention methods of SQL injection, they are either signature-based such in Shanmughaneethi et al (2009), behaviour-based (Pinzón et al, 2013), grammar-based (Bisht et al, 2010;Kemalis and Tzouramanis, 2008), or taint-based (Jan et al, 2010;Alazab et al, 2011;Tateishi and Tabuchi, 2007;Papagiannis et al, 2011). The XSS detection and prevention methods are also categorised in the same way as the SQL injection detection and prevention methods, they are either signaturebased (Shanmughaneethi et al, 2009), or behaviour-based (Sundareswaran and Squicciarini, 2012), or grammar-based (Chandra and Selvakumar, 2011), or taint-based (Avancini and Ceccato, 2010). In order to protect against CSRF attacks (also known as XSRF, 'sea surf', session riding, CSRF, hostile linking, and one-click attack), OWASP developed a server-side CSRF protection mechanism for Apache (called mod_csrfprotector), Java (called CSRFGuard) and PHP (called CSRF-protector-PHP).…”